beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1703 commits 83 branches 177 tags 151 MiB
Commit graph

49 commits

Author SHA1 Message Date
mmetc b48b728317
cscli support: include stack traces (#2935) 2024-04-22 23:54:51 +02:00
mmetc caca4032d1
lapi: log error "can't sinchronize with console" only if papi is enabled (#2896) 2024-03-14 14:03:43 +01:00
mmetc 6c042f18f0
LAPI: local api unix socket support (#2770) 2024-03-14 10:43:02 +01:00
mmetc dc698ecea8
log "loading papi client" only if papi is enabled (#2762) 2024-01-22 13:25:36 +01:00
mmetc 24b5e8f100
Fix #2733 "cscli hang forever when i try to delete a decision" (#2745) 2024-01-16 09:16:21 +01:00
mmetc c6e4762f28
apiserver: remove cached field isEnrolled (#2744) 
not worth it just to avoid parsing a string twice
 2024-01-16 09:14:33 +01:00
mmetc 75d8ad9798
apiclient/apiserver: lint (#2739) 2024-01-15 11:44:38 +01:00
mmetc 437a97510a
apiclient: handle 0-byte error response (#2716) 
* apiclient: correctly handle 0-byte response
* lint
 2024-01-10 12:00:22 +01:00
mmetc 89f704ef18
light pkg/api{client,server} refact (#2659) 
* tests: don't run crowdsec if not necessary
* make listen_uri report the random port number when 0 is requested
* move apiserver.getTLSAuthType() -> csconfig.TLSCfg.GetAuthType()
* move apiserver.isEnrolled() -> apiclient.ApiClient.IsEnrolled()
* extract function apiserver.recoverFromPanic()
* simplify and move APIServer.GetTLSConfig() -> TLSCfg.GetTLSConfig()
* moved TLSCfg type to csconfig/tls.go
* APIServer.InitController(): early return / happy path
* extract function apiserver.newGinLogger()
* lapi tests
* update unit test
* lint (testify)
* lint (whitespace, variable names)
* update docker tests
 2023-12-14 14:54:11 +01:00
blotus 04f3dc09f9
remove PAPI feature flag (#2601) 2023-12-08 14:55:45 +01:00
mmetc 23968e472d
Refact bouncer auth (#2456) 
Co-authored-by: blotus <sebastien@crowdsec.net>
 2023-12-04 23:06:01 +01:00
mmetc ffadd42779
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 16:35:08 +02:00
mmetc 9967d60987
errors.Wrap -> fmt.Errorf (#2333) 2023-07-06 10:14:45 +02:00
mmetc 5b3200173e
don't pre-create log files (not required anymore) (#2267) 
The lumberjack package fixed the issue in natefinch/lumberjack#83 (tested with umask 002) and this code is now redundant since we updated the dependency to v2.2.1.
 2023-06-07 12:58:35 +02:00
mmetc 025f14f879
merge system cert pool with own certs (#2226) 2023-05-25 10:10:58 +02:00
mmetc 534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* (#2216) 
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
 2023-05-23 10:52:47 +02:00
blotus 91eb39cff6
New PAPI commands: reauth + force_pull (#2129) 2023-03-21 14:06:19 +01:00
Thibault "bui" Koechlin a74e424d53
support ip and cidr based whitelists for capi and 3rd party blocklists (#2132) 
* support ip and cidr based whitelists for capi and 3rd party blocklist
 2023-03-21 11:50:10 +01:00
blotus 16a3be49e2
do not try to load PAPI is url is not set (#2099) 2023-03-06 15:38:58 +01:00
Laurence Jones 8acce4637a
Option to disable remote lapi registration (#2010) 
* Allow to disable remote lapi registration

* Extract method and make it extendable as a generic middleware

* Change method name so it make sense to read abort remote if <config>

* golint
 2023-02-24 13:44:21 +00:00
Thibault "bui" Koechlin 1d7d377f8b
changes following BL tests (#2038) 
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-02-08 10:35:21 +01:00
Thibault "bui" Koechlin e927717fa0
Polling API Integration (#1715) 
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-31 14:47:44 +01:00
mmetc 3fb3decf49
error if tls.key_file or cert_file are missing (#2020) 2023-01-26 17:12:59 +01:00
mmetc 104f5d1fe6
lint: error handling cleanup (#1877) 2022-11-29 09:16:07 +01:00
mmetc 66543493b5
fix nil dereference: check that httpServer is set before shutting down (#1893) 2022-11-28 11:55:08 +01:00
mmetc fde9640364
Docker refactoring, tls setup (#1869) 2022-11-28 10:35:12 +01:00
mmetc edced6818a
cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) 2022-09-30 16:01:42 +02:00
mmetc 414282a2c9
golangci-lint 1.49 and related fixes (#1736) 2022-09-06 13:55:03 +02:00
AlteredCoder 5f62d738fc
Add no-capi flag and review some logs (#1628) 
* Add no-capi flag and review some logs
 2022-07-01 16:56:13 +02:00
mmetc 8e7e799304
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 15:55:21 +02:00
Thibault "bui" Koechlin 1c0fe09576
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 16:05:52 +02:00
mmetc 799cc82bb5
functional tests, minor refactoring and lint/cleanup (#1570) 
* cmd/crowdsec: removed log.Fatal()s, added tests and print error for unrecognized argument
* updated golangci-lint to v1.46
* lint/deadcode: fix existing issues
* tests: cscli config backup/restore
* tests: cscli completion powershell/fish
* err check: pflags MarkHidden()
* empty .dockerignore (and explain the reason)
* tests, errors.Wrap
* test for CS_LAPI_SECRET and minor refactoring
* minor style changes
* log cleanup
 2022-06-06 15:24:48 +02:00
mmetc 1fc9587919
fix #1283: update and enable error reports from golangci (#1523) 2022-05-25 22:27:50 +02:00
mmetc 131ed1b0a7
error reporting (#1501) 
* unified error reporting, removed redundancy, tests
 2022-05-19 10:48:08 +02:00
Shivam Sandbhor 023ac9e138
Add trusted IPs which have admin API access (#1352) 
* Add trusted IPs which have admin API access
 2022-03-16 17:28:34 +01:00
Thibault "bui" Koechlin a88848009a
fix default perms for log file (#1177) 
* fix default perms
 2022-01-18 16:54:02 +01:00
Thibault "bui" Koechlin 40ed810c0b
Gin upgrade (#1174) 
* upgrade gin / gin-jwt, and add a new 'trusted_proxies' option to provide trusted CIDRs
 2022-01-17 17:18:12 +01:00
Thibault "bui" Koechlin 6e92da76ad
lapi to capi : allow push of tainted/custom/manual decisions (#1154) 
* add console command to control signal sharing
* modify metrics endpoint to add lastpush

Co-authored-by: alteredCoder <kevin@crowdsec.net>
 2022-01-13 16:46:16 +01:00
Thibault "bui" Koechlin 950759f6d6
Output plugins (#878) 
* Add plugin system for notifications (#857)
 2021-08-25 11:43:29 +02:00
Thibault "bui" Koechlin 01028d0a09
Goroutine leak hunt (#874) 
* close the writers of gin loggers + kill the tomb of httpServer

* body close defer
 2021-07-30 11:41:17 +02:00
Lars Lehtonen d86ba98cff
pkg/apiserver: fix dropped error (#700) 
* pkg/apiserver: fix dropped error

* pkg/apiserver: remove unused Context from APIServer{}
 2021-04-07 14:51:00 +02:00
Thibault "bui" Koechlin 4bb34d8e77
fix #723 : intercept http2 stream closed errors (#724) 
* fix #723 : intercept http2 stream closed errors

* factorize the 'dump stacktrace' code
 2021-04-07 14:31:03 +02:00
Thibault "bui" Koechlin cd06929e75
honor log levels for api : don't log access logs if level is warn/err (#732) 
* honor log levels for api : don't log access logs if level is warn/err

* add basic test for logging of api server
 2021-04-07 11:39:24 +02:00
Thibault "bui" Koechlin 6d28599efa
Ensure LAPI logs respect log_media (#707) 
* if log_media is set to file, don't try to log to stdout

* use the log media no matter what
 2021-03-22 17:46:55 +01:00
registergoofy a8b16a66b1
truely don't try to send anything with empty online credentials configuration file (#657) 
* truely don't try to send anything with empty online credentials config file

Co-authored-by: AlteredCoder <AlteredCoder>
 2021-03-02 09:25:12 +01:00
Thibault "bui" Koechlin 7f40160f6e
only set logfile dir if media is file (#615) 2021-02-11 18:28:01 +01:00
blotus 260332c726
Add use_forwarded_for_headers configuration option for LAPI (#610) 
* Add use_forwarded_for_headers configuration option for LAPI

* update documentation
 2021-02-09 19:10:14 +01:00
Thibault "bui" Koechlin e74f221044
Fix default configurations (#597) 
* fix default perms on SQLite file

* seed the prng securely

* fix defaults to enforce certificates verification

* ensure file is within path

* ensure the directory doesn't exist beforehand

* verify certificate by default

* disable http ip forward headers
 2021-02-02 14:15:13 +01:00
Thibault "bui" Koechlin dbb420f79e
local api (#482) 
Co-authored-by: AlteredCoder
Co-authored-by: erenJag
 2020-11-30 10:37:17 +01:00